Skip to content

ci: specific permissions for deploy workflows #83

ci: specific permissions for deploy workflows

ci: specific permissions for deploy workflows #83

Workflow file for this run

name: Hexo Build and Deploy
on:
push:
branches: [master]
jobs:
pages:
runs-on: ubuntu-latest
permissions:
contents: read
deployments: write
env:
CNAME_tw: blog.clam.tw
CNAME_moe: blog.clam.moe
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: master
# Whether to checkout submodules: `true` to checkout submodules or `recursive` to
# recursively checkout submodules.
#
# When the `ssh-key` input is not provided, SSH URLs beginning with
# `[email protected]:` are converted to HTTPS.
#
# Default: false
submodules: 'recursive'
- name: Use Node.js 18.x
uses: actions/setup-node@v3
with:
node-version: 20
- name: Cache NPM dependencies
uses: actions/cache@v3
with:
path: node_modules
key: ${{ runner.OS }}-npm-cache
restore-keys: |
${{ runner.OS }}-npm-cache
- name: Install Dependencies
run: npm install
- name: Build
run: TZ=Asia/Taipei npm run build
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.DEPLOY_TOKEN }}
publish_dir: ./public
publish_branch: gh-pages # deploying branch
- name: Change CNAME
run: |
echo "${CNAME_tw}" | tee ./public/CNAME
- name: Pushes to another repository
uses: cpina/github-action-push-to-another-repository@main
env:
API_TOKEN_GITHUB: ${{ secrets.DEPLOY_TOKEN }}
with:
source-directory: 'public'
destination-github-username: 'sean0921'
destination-repository-name: ${{ env.CNAME_tw }}
user-email: [email protected]
target-branch: master
- name: Change CNAME
run: |
echo "${CNAME_moe}" | tee ./public/CNAME
- name: Pushes to another repository
uses: cpina/github-action-push-to-another-repository@main
env:
API_TOKEN_GITHUB: ${{ secrets.DEPLOY_TOKEN }}
with:
source-directory: 'public'
destination-github-username: 'sean0921'
destination-repository-name: ${{ env.CNAME_moe }}
user-email: [email protected]
target-branch: master